Less confused than when I posted yesterday. But still not golden. The ADS stuff works if I test with nsswitch.conf containing _only_ winbind, like:
passwd: winbind group: winbind But if I have it as "files winbind" (of course necessary to not have the local accounts time out and the system become unusable) then there are problems. Trying a login with smbclient from another box with the same ADS user which works when it's just winbind for passwd and group logs the error: [2008/02/14 13:16:39, 2] smbd/service.c:make_connection_snum(616) user 'whit' (from session setup) not permitted to access this share (BLAH) While smbclient shows: tree connect failed: NT_STATUS_ACCESS_DENIED But 'whit' is in the valid users list in smb.conf for that share, and is working with the winbind-only configuration of nsswitch.conf, as well as with the smbpasswd-only configuration of samba. It works if I comment out the ADS lines from smb.conf, and run against an smbpasswd file. When Samba's doing ADS, even with "files winbind" in the nsswitch.conf settings, and 'whit' in smbpasswd, running with the smbpasswd password for 'whit' produces: session setup failed: NT_STATUS_LOGON_FAILURE But "files" should have had it looking to system files first, right? So it should have succeeded rather than fallen through to NT_STATUS at all? Searching through the list archives, there's a hint this may be connected to pam issues? Have others run into this? Best, Whit -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
